﻿<!--#Include File="../../Inc/Const.Asp"-->
<!--#Include File="../Inc/Class_Setting.Asp"-->
<%
Select Case Request("Act")
Case "Login"
	Session("Content_IN_Cache") = "" ' 上级退出时保存的内容清空
	Dim Username,Password,vcode
	Username = Request("Username")
	Password = Request("Password")
	vcode = Request("vcode")
	Username = Replace(Replace(Replace(Username,"'","")," ",""),")","")
	Password = Replace(Password,"'","")
	Password = MD5(Password,32)
	If Cstr(vcode) <> Cstr(Session("logincode")) Then response.Write( "验证码不匹配") :response.End() End If
	
	If len(Username) < 2 Then response.Write( "你的帐号不正确！") : Response.End()
	Dim Rs,CheckCode
	Set Rs = DB("Select [Username],[Password],[Levels],[ManagePlus],[ManageChannel],[Uploadfileexts],[Uploadfilesize] From [{pre}Admin] Where [Username]='" & Username & "'",1)
	If Rs.Eof Then
		Rs.Close
		Conn.Close
		Response.Write( "你的帐号不存在！"):Response.End()	
	Else
		If LCase(Password) = LCase(Rs("Password")) Then
			Randomize : Dim RndStr : RndStr = MD5(Rnd & rs("username"),32)
			CheckCode=MD5(Cacheflag & GetIP & RndStr,32)
			call setLogin("admin","username",rs("username"))
			call setLogin("admin","password",rs("password"))
			call setLogin("admin","levels",rs("levels"))
			call setLogin("admin","manageplus",rs("manageplus"))
			call setLogin("admin","managechannel",rs("managechannel"))
			call setLogin("admin","uploadfileexts",rs("uploadfileexts"))
			call setLogin("admin","uploadfilesize",rs("uploadfilesize"))
			Response.Cookies(Cacheflag)("login_admin_username") = rs("username")
			Response.Cookies(Cacheflag)("login_admin_password") = CheckCode
			Response.Cookies(Cacheflag).Expires = Date+1
			DB "Update [{pre}Admin] Set CheckCode='" & RndStr & "' Where Username='" & rs("username") & "'",0
			Rs.Close
			Call ClsCache()
			Conn.Close : Set Conn = Nothing
			Response.Write "<Script>top.location.href='Index.Asp';</Script>"
			Response.End
		Else
			Rs.Close
			Conn.Close
			Response.Write "你的密码不正确！"	
		End If
	End If
Case "Logout"

	dim loguser : loguser=replace(replace(replace(replace(getlogin("admin", "username"),"'",""),"(",""),"*",""),"?","")
	db "Update [{pre}Admin] Set CheckCode='" & Timer & "' Where Username='" & loguser & "'",0
	call setLogin("admin","username","")
	call setLogin("admin","password","")
	call setLogin("admin","levels","")
	call setLogin("admin","manageplus","")
	call setLogin("admin","managechannel","")
	call setLogin("admin","uploadfileexts","")
	call setLogin("admin","uploadfilesize","")
	Response.Cookies(Cacheflag)("login_admin_username") = ""
	Response.Cookies(Cacheflag)("login_admin_password") = ""
	Response.Write "<Script>top.location.href='Login.Asp';</Script>"
End Select
%>